From owner-freebsd-security  Mon Jan 22 13:45:34 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id NAA17288
          for security-outgoing; Mon, 22 Jan 1996 13:45:34 -0800 (PST)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id NAA17253
          for <security@freebsd.org>; Mon, 22 Jan 1996 13:45:13 -0800 (PST)
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id OAA23067; Mon, 22 Jan 1996 14:47:44 -0700
Date: Mon, 22 Jan 1996 14:47:44 -0700
From: Nate Williams <nate@sri.MT.net>
Message-Id: <199601222147.OAA23067@rocky.sri.MT.net>
To: Peter Wemm <peter@jhome.DIALix.COM>
Cc: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A.
    Chernov, Black Mage) <ache@astral.msk.su>,
        security@freebsd.org
Subject: Re: ssh /etc config files location.. 
In-Reply-To: <199601221821.CAA11303@jhome.DIALix.COM>
References: <GDcVv0nyd6@ache.dialup.ru>
	<199601221821.CAA11303@jhome.DIALix.COM>
Sender: owner-security@freebsd.org
Precedence: bulk

Peter Wemm writes:
> BTW: ssh-1.2.12a is SERIOUSLY crippled.  It is damaged in several ways
> as part of the "emergency patch", and still not secure because it
> installed /usr/local/bin/ssh setuid-root.  It now creates files in
> your home directory while running as root, causing potential new holes
> and races. :-(

For those of us who use ssh and don't keep on the security lists outside
this one, can you explain what hold the 'emergency patch' is trying to
fix, and if there is some way of working around it?

Thanks!


Nate